Over the past few years, cloud-based certificate services have become increasingly more common. As customers discover the conveniences provided by storing, managing, and using keys remotely, more and more customers have moved their key and certificate operations to secure online facilities. Key operations performed online include encryption, decryption, and object signing.
However, moving signing operations creates significant security risks as attackers can compromise the signing system and freely create trusted code. To move to a cloud-based signing solution, customers need a highly secure and auditable environment. After all, there are new reports every day of a system being compromised. A static signing system lacks the security of a dynamic signing system as an attacker can insert malware during the signing process once the signing environment is compromised. A highly secure and audit system prevents signing abuse while the triggering alerts if the system is ever compromised. The dynamic environment means that even if a single signing instance is compromised, future signings can proceed in a secure fashion without the being subject to the same compromise.